Opened at 2012-01-25T04:53:44Z
Last modified at 2014-08-23T21:30:59Z
#1665 new task
Brainstorm webapi vulnerabilities between the operator and a user and between users. — at Initial Version
| Reported by: | nejucomo | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | code-frontend-web | Version: | n/a |
| Keywords: | docs security webapi introducer accounting status websec multiuser-gateway | Cc: | warner |
| Launchpad Bug: |
Description
Problem: The webapi interface design seems to presume the node operator and users are mutually trusting. There is some demand for "public" web gateways to content in a LAFS network, where the users and gateway operator do not fully trust each other.
Resolution: This ticket is resolved when the vulnerabilities are enumerated to the operator coming from users, to the users from the operator, and from the users between themselves.
Bonus Points awarded for each of: configuration options which reduce a given vulnerabily's risk; workarounds which do not require code patches (external tools are ok); and outlines of code patches to reduce the vulnerability.
Note: See
TracTickets for help on using
tickets.
